asyncrat | 7772e47f23947ab8ec3ccd03173e02e73252b906cc780681447049e12d4cb9cb | Triage

Resubmissions

09-11-2024 16:16

241109-tq8bssxgql 10

09-11-2024 16:15

241109-tqdgesxfpa 10

Sharing

General

Target

lol.bat
Size

279KB
Sample

241109-tqdgesxfpa
MD5

b5c81dca8f6b148790d14c93ba1788d4
SHA1

11fa7bdf65ac8b835b27c895f3d3e357f87a28f2
SHA256

7772e47f23947ab8ec3ccd03173e02e73252b906cc780681447049e12d4cb9cb
SHA512

14bb171192854a481b7d26ec69e3dc7ffbe55755c3191629697298553ce919d5b1bd4719531b271304a530e5a01478bad0167f6fb66ae8d869da1f34b8713b51
SSDEEP

6144:5toA7r23ZOt+yxLqRvs+wAbTXJuE/SzXm3+gK+4QpTz:4AsOkmqTPbTJuEcmut+ppTz

Score

10^/10

asyncrat default execution rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:32758

pressure-continuous.gl.at.ply.gg:32758

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  lol.bat
- Size
  
  279KB
- MD5
  
  b5c81dca8f6b148790d14c93ba1788d4
- SHA1
  
  11fa7bdf65ac8b835b27c895f3d3e357f87a28f2
- SHA256
  
  7772e47f23947ab8ec3ccd03173e02e73252b906cc780681447049e12d4cb9cb
- SHA512
  
  14bb171192854a481b7d26ec69e3dc7ffbe55755c3191629697298553ce919d5b1bd4719531b271304a530e5a01478bad0167f6fb66ae8d869da1f34b8713b51
- SSDEEP
  
  6144:5toA7r23ZOt+yxLqRvs+wAbTXJuE/SzXm3+gK+4QpTz:4AsOkmqTPbTJuEcmut+ppTz
Score

10^/10

execution asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Async RAT payload
  rat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

asyncratdefaultexecutionrat